IETF Logo Mail Archive

Re: [hybi] Websocket over TLS keep-alive overhead

Jamie Lokier <jamie@shareable.org> Thu, 29 November 2012 10:11 UTC

Return-Path: <jamie@shareable.org>
X-Original-To: hybi@ietfa.amsl.com
Delivered-To: hybi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4394321F8430 for <hybi@ietfa.amsl.com>; Thu, 29 Nov 2012 02:11:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[AWL=-4.000, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6ZcxXfPCZjfy for <hybi@ietfa.amsl.com>; Thu, 29 Nov 2012 02:11:06 -0800 (PST)
Received: from mail2.shareable.org (mail2.shareable.org [80.68.89.115]) by ietfa.amsl.com (Postfix) with ESMTP id AC16C21F8826 for <hybi@ietf.org>; Thu, 29 Nov 2012 02:11:06 -0800 (PST)
Received: from jamie by mail2.shareable.org with local (Exim 4.63) (envelope-from <jamie@shareable.org>) id 1Te15D-0004fy-2n; Thu, 29 Nov 2012 10:11:03 +0000
Date: Thu, 29 Nov 2012 10:11:02 +0000
From: Jamie Lokier <jamie@shareable.org>
To: Takeshi Yoshino <tyoshino@google.com>
Message-ID: <20121129101102.GA17793@jl-vm1.vm.bytemark.co.uk>
References: <E44893DD4E290745BB608EB23FDDB762317CFF@008-AM1MPN1-042.mgdnok.nokia.com> <634914A010D0B943A035D226786325D4339290CD54@EXVMBX020-12.exch020.serverdata.net> <CAH9hSJYm3Ucynuumd7iMO8Cw3use1BKBi2MTpybecuS1Si7caA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CAH9hSJYm3Ucynuumd7iMO8Cw3use1BKBi2MTpybecuS1Si7caA@mail.gmail.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Cc: "hybi@ietf.org" <hybi@ietf.org>
Subject: Re: [hybi] Websocket over TLS keep-alive overhead
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Nov 2012 10:11:07 -0000

Takeshi Yoshino wrote:
>    Hi,
>    Chromium is using 1/n-1 record splitting for TLS 1.0 connection w/ CBC
>    mode cipher to work around BEAST exploit. So, even a WebSocket frame
>    with 1 octet payload (client -> server, 7 octets in total. AES block
>    size (16) * 2 - SHA1 HMAC size (20) - padding length field size (1) >
>    7, so 1 application data record with 32 octets payload is enough) will
>    be packed into two TLS records with big padding.
>    re: TLS compression, it's disabled on Chromium to address another
>    exploit called CRIME.

It might make sense if TLS could transmit its own, much shorter,
keepalive messages, which are for the sole purpose of keeping the link
alive.  I would guess, since they have no other effect, that they
wouldn't be exploitable in the same way.  Is that right?

It would be best if they could be invoked from the higher layer rather
than generated in TLS itself (because the higher layer will have a
better idea of the keepalive patterns that it needs), and if they were
one-way keepalives rather than PING/PONG to avoid amplification
attacks, and because PING/PONG is not the most efficient keepalive
pattern.

Is there provision in TLS for that sort of thing now?

(Of course over mobile links, it would make much more sense for power
efficiency to have a single, aggregated keepalive stream for all
sockets rather than one per active websocket, or some other way of
taking advantage of the phone's existing mobile link-level keepalives
which it already does and are designed for efficiency.)

-- Jamie

v2.23.0 | Report a Bug | By Email